From c7656c13c57b59d3b6628ddc917cc89b7da4f37e Mon Sep 17 00:00:00 2001 From: dwertent Date: Wed, 11 Jan 2023 16:11:49 +0000 Subject: [PATCH 01/13] Automated commit - update operator image tag with: v0.1.8 --- charts/kubescape-cloud-operator/Chart.yaml | 7 +++++-- charts/kubescape-cloud-operator/values.yaml | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index 9cae65bf..1ca95cb6 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -8,13 +8,16 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.8.18 + + +version: 1.8.23 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.8.18 + +appVersion: 1.8.23 maintainers: - name: Ben Hirschberg diff --git a/charts/kubescape-cloud-operator/values.yaml b/charts/kubescape-cloud-operator/values.yaml index b82b2a59..c79a5d2c 100644 --- a/charts/kubescape-cloud-operator/values.yaml +++ b/charts/kubescape-cloud-operator/values.yaml @@ -177,7 +177,7 @@ operator: image: # -- source code: https://github.com/kubescape/operator repository: quay.io/kubescape/operator - tag: v0.0.64 + tag: v0.1.8 pullPolicy: Always service: From 60adf5e0c2880d552a399d075c82f57dd9638517 Mon Sep 17 00:00:00 2001 
From: Daniel Grunberger <84905812+Daniel-GrunbergerCA@users.noreply.github.com> Date: Wed, 11 Jan 2023 21:55:40 +0200 Subject: [PATCH 02/13] Test connectivity (#45) * update * release * update img * new version * update * new * new version * new version * change only rbac * update tags * latest Co-authored-by: David Wertenteil --- charts/kubescape-cloud-operator/Chart.yaml | 7 ++----- charts/kubescape-cloud-operator/templates/ks-ns-role.yaml | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index 1ca95cb6..ecc59074 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -8,16 +8,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) - - -version: 1.8.23 +version: 1.9.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. - -appVersion: 1.8.23 +appVersion: 1.9.1 maintainers: - name: Ben Hirschberg diff --git a/charts/kubescape-cloud-operator/templates/ks-ns-role.yaml b/charts/kubescape-cloud-operator/templates/ks-ns-role.yaml index 8a5002bb..e319bd65 100644 --- a/charts/kubescape-cloud-operator/templates/ks-ns-role.yaml +++ b/charts/kubescape-cloud-operator/templates/ks-ns-role.yaml @@ -11,5 +11,5 @@ rules: resources: ["cronjobs"] verbs: ["*"] - apiGroups: [""] - resources: ["configmaps"] + resources: ["configmaps", "secrets"] verbs: ["*"] \ No newline at end of file From d28761b3f32342771a1878dab0c890a659b32d4f Mon Sep 17 00:00:00 2001 
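Review bot: The rule changed in ks-ns-role.yaml now grants `verbs: ["*"]` on `secrets` as well as `configmaps`, so any subject bound to this Role can read, modify and delete every Secret in the namespace. The commit message does not say which Secret operations the connectivity test needs. I would give secrets their own rule with only the verbs actually required, for example `verbs: ["get"]`, and add `resourceNames` if the set of Secrets is fixed. The Role's metadata and earlier rules are outside the hunk, so the binding and namespace are not visible here.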
From: Matan Shkalim Date: Thu, 12 Jan 2023 10:51:05 +0000 Subject: [PATCH 03/13] add input validator --- .github/workflows/00-cicd.yaml | 36 ++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/.github/workflows/00-cicd.yaml b/.github/workflows/00-cicd.yaml index ca4fc252..c2792066 100644 --- a/.github/workflows/00-cicd.yaml +++ b/.github/workflows/00-cicd.yaml @@ -3,11 +3,15 @@ name: 00-CICD-helm-chart on: workflow_dispatch: inputs: - IMAGE_TAG: + CHANGE_TAG: required: true + default: true + type: boolean + IMAGE_TAG: + # required: true type: string COMPONENT_NAME: - required: true + # required: true type: string HELM_E2E_TEST: required: true @@ -16,9 +20,29 @@ on: # secrets: inherit jobs: - helm-values-update: + input-validator: + runs-on: ubuntu-latest + steps: + - name: input validator + run: | + if [ ${{ inputs.CHANGE_TAG }} = true ]; then + echo "CHANGE_TAG = true, checking if inputs COMPONENT_NAME and IMAGE_TAG are not null" + echo "COMPONENT_NAME = ${{ inputs.COMPONENT_NAME }}" + echo "IMAGE_TAG = ${{ inputs.IMAGE_TAG }}" + if [[ "${{ inputs.COMPONENT_NAME }}" = "" ]] || [[ "${{ inputs.IMAGE_TAG }}" = "" ]]; then + echo "One or more inputs are undefined" + exit 1 + fi + echo "We are good to go" + elif [ ${{ inputs.CHANGE_TAG }} = false ]; then + echo "CHANGE_TAG = false, the workflow will not change any component image tag" + fi + + helm-chart-update: + needs: input-validator uses: ./.github/workflows/01-update_tag.yaml with: + CHANGE_TAG: ${{ inputs.CHANGE_TAG }} IMAGE_TAG: ${{ inputs.IMAGE_TAG }} COMPONENT_NAME: ${{ inputs.COMPONENT_NAME }} MODE: patch @@ -26,7 +50,7 @@ jobs: secrets: inherit e2e-test: - needs: helm-values-update + needs: helm-chart-update if: ${{ inputs.HELM_E2E_TEST == true }} uses: ./.github/workflows/02-e2e-test.yaml with: 
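Review bot: The `input validator` step pastes `${{ inputs.COMPONENT_NAME }}` and `${{ inputs.IMAGE_TAG }}` straight into the `run:` script, so each expression is expanded into the shell text before bash parses it and a value containing shell metacharacters alters the script instead of being compared as data. `[ ${{ inputs.CHANGE_TAG }} = true ]` is also unquoted. Pass the inputs through `env:` and reference them as quoted shell variables, as sketched below. The same interpolation appears in `echo-input-parameters` in 01-update_tag.yaml (PATCH 04/13) and deserves the same treatment. With `required: true` commented out for IMAGE_TAG and COMPONENT_NAME, this step is the only check on them, so it is worth validating their format too if the expected tag pattern is known.

```yaml
      - name: input validator
        env:
          CHANGE_TAG: ${{ inputs.CHANGE_TAG }}
          COMPONENT_NAME: ${{ inputs.COMPONENT_NAME }}
          IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
        run: |
          if [ "$CHANGE_TAG" = "true" ]; then
            # … unchanged: status echoes, now printing "$COMPONENT_NAME" and "$IMAGE_TAG" …
            if [[ -z "$COMPONENT_NAME" ]] || [[ -z "$IMAGE_TAG" ]]; then
              echo "One or more inputs are undefined"
              exit 1
            fi
            # … unchanged: success message …
          elif [ "$CHANGE_TAG" = "false" ]; then
            # … unchanged: CHANGE_TAG = false message …
          fi
```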
@@ -49,9 +73,9 @@ jobs: UPDATE_LABELS: "" helm-release: - needs: [helm-values-update, merge-to-master] + needs: [helm-chart-update, merge-to-master] if: ${{ (always() && (contains(needs.*.result, 'success') || contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }} with: - COMMIT_REF: ${{ needs.helm-values-update.outputs.COMMIT_REF }} + COMMIT_REF: ${{ needs.helm-chart-update.outputs.COMMIT_REF }} uses: ./.github/workflows/03-helm-release.yaml secrets: inherit From 381db53db54d8e4ae6d110fbc51d5d380320a995 Mon Sep 17 00:00:00 2001 From: Matan Shkalim Date: Thu, 12 Jan 2023 10:52:02 +0000 Subject: [PATCH 04/13] split commit&push&pr-creation to two different actions --- .github/workflows/01-update_tag.yaml | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/01-update_tag.yaml b/.github/workflows/01-update_tag.yaml index a10d6b9a..93fea13b 100644 --- a/.github/workflows/01-update_tag.yaml +++ b/.github/workflows/01-update_tag.yaml @@ -9,6 +9,9 @@ on: workflow_call: inputs: + CHANGE_TAG: + required: true + type: boolean IMAGE_TAG: required: true type: string @@ -26,17 +29,18 @@ on: outputs: COMMIT_REF: description: "latest commit sha" - value: ${{ jobs.update-helm-values.outputs.COMMIT_REF}} + value: ${{ jobs.update-helm-chart.outputs.COMMIT_REF }} jobs: - update-helm-values: + update-helm-chart: outputs: COMMIT_REF: ${{ steps.commit-ref.outputs.COMMIT_REF }} runs-on: ubuntu-latest steps: - name: echo-input-parameters run: | + echo "CHANGE_TAG = ${{ inputs.CHANGE_TAG }}" echo "IMAGE_TAG = ${{ inputs.IMAGE_TAG }}" echo "COMPONENT_NAME = ${{ inputs.COMPONENT_NAME }}" echo "MODE = ${{ inputs.MODE }}" @@ -46,6 +50,7 @@ jobs: name: Checkout - name: change tag + if: ${{ inputs.CHANGE_TAG }} uses: matanshk/yaml-tag-changer@main with: filename: charts/kubescape-cloud-operator/values.yaml 
@@ -53,6 +58,7 @@ jobs: tag: ${{ inputs.IMAGE_TAG }} - name: cat-file-values-file + if: ${{ inputs.CHANGE_TAG }} run: cat charts/kubescape-cloud-operator/values.yaml - name: Bump helm chart version @@ -65,16 +71,16 @@ jobs: - name: cat Chart.yaml run: cat charts/kubescape-cloud-operator/Chart.yaml - - name: Commit and create PR - uses: peter-evans/create-pull-request@v4.2.3 + - uses: stefanzweifel/git-auto-commit-action@v4.16.0 + name: commit changes and push + with: + commit_message: "Automated commit - update ${{ inputs.COMPONENT_NAME }} image tag with: ${{ inputs.IMAGE_TAG }}" + + - uses: repo-sync/pull-request@v2.11 + name: create a new PR with: - token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} # needs to be a PAT with "repo" scoped permissions - commit-message: "Automated commit - update ${{ inputs.COMPONENT_NAME }} image tag with: ${{ inputs.IMAGE_TAG }}" - branch: dev - base: master - delete-branch: false - title: "Pulling ${{ github.ref }} into master - ${{ inputs.COMPONENT_NAME }}:${{ inputs.IMAGE_TAG }}" - draft: false + destination_branch: "master" + pr_title: "Pulling ${{ github.ref_name }} branch into master - Automated PR by CICD" - name: get latest commit sha id: commit-ref From 6f6661effefb0ae4d7bd537e22cc3c12503f8d8f Mon Sep 17 00:00:00 2001 From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Tue, 17 Jan 2023 09:01:46 +0000 Subject: [PATCH 05/13] Update PAT on merge action --- .github/workflows/00-cicd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/00-cicd.yaml b/.github/workflows/00-cicd.yaml index c2792066..41c23ab2 100644 --- a/.github/workflows/00-cicd.yaml +++ b/.github/workflows/00-cicd.yaml 
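Review bot: The two actions that replace create-pull-request, `stefanzweifel/git-auto-commit-action@v4.16.0` and `repo-sync/pull-request@v2.11`, are referenced by tag, and a tag can be moved by the action's owner after it was reviewed. One of these steps pushes commits and the other opens PRs, so pin each to a full commit SHA and keep the version as a trailing comment, e.g. `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha>  # v4.16.0`. The `change tag` step in the same job uses `matanshk/yaml-tag-changer@main`, a branch reference, which is weaker still. The commit step also appears to push to whatever branch is checked out, whereas the removed step used the fixed `branch: dev`, so confirm that is intended for every ref this workflow can be dispatched from.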
@@ -65,7 +65,7 @@ jobs: - name: merge-to-master uses: "pascalgn/automerge-action@v0.15.5" env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + GITHUB_TOKEN: "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" MERGE_COMMIT_MESSAGE: "Merge to master - PR number: {pullRequest.number}" MERGE_ERROR_FAIL: "true" MERGE_METHOD: "merge" From b3d309fffe2c5b8e88bb869ea8a3e12162306113 Mon Sep 17 00:00:00 2001 From: matanshk Date: Wed, 18 Jan 2023 12:00:36 +0000 Subject: [PATCH 06/13] Automated commit - update image tag with: --- charts/kubescape-cloud-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index ecc59074..e9bd1c22 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -8,13 +8,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.9.1 +version: 1.9.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.9.1 +appVersion: 1.9.2 maintainers: - name: Ben Hirschberg From 2ac989c3b66ac72fb31f1ab9e773ddc65e3702cb Mon Sep 17 00:00:00 2001 From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:06:57 +0000 Subject: [PATCH 07/13] Update 01-update_tag.yaml --- .github/workflows/01-update_tag.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/01-update_tag.yaml b/.github/workflows/01-update_tag.yaml index 93fea13b..d47227a8 100644 
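Review bot: Swapping `secrets.GITHUB_TOKEN` for `secrets.GH_PERSONAL_ACCESS_TOKEN` in the `merge-to-master` step hands a long-lived personal token to `pascalgn/automerge-action@v0.15.5`, a third-party action referenced by a movable tag. The create-PR step removed in PATCH 04/13 described this secret as a PAT with "repo" scope, which reaches beyond this repository, whereas the default token is scoped to the repository and expires with the job. If the default token cannot merge here, prefer a fine-grained token or a GitHub App installation token limited to this repository, pin the action to a commit SHA, and add a comment such as `# PAT required: <reason>` next to the env entry. PATCH 11/13 passes the same secret to `repo-sync/pull-request@v2.11`, where the same applies. The rest of the job is outside the hunk.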
--- a/.github/workflows/01-update_tag.yaml +++ b/.github/workflows/01-update_tag.yaml @@ -81,10 +81,11 @@ jobs: with: destination_branch: "master" pr_title: "Pulling ${{ github.ref_name }} branch into master - Automated PR by CICD" - + github_token: GH_PERSONAL_ACCESS_TOKEN + - name: get latest commit sha id: commit-ref run: echo "COMMIT_REF=$(git log --oneline | head -n1 | awk {'print $1}')" >> $GITHUB_OUTPUT - name: echo commit ref - run: echo ${{ steps.commit-ref.outputs.COMMIT_REF }} \ No newline at end of file + run: echo ${{ steps.commit-ref.outputs.COMMIT_REF }} From 018f8745125e4a70d47bc5dc8347bd82e2a9f252 Mon Sep 17 00:00:00 2001 From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:07:23 +0000 Subject: [PATCH 08/13] Update Chart.yaml --- charts/kubescape-cloud-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index e9bd1c22..6d2c503e 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -14,7 +14,7 @@ version: 1.9.2 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.9.2 +appVersion: 1.9.1 maintainers: - name: Ben Hirschberg From 10ccdad88b9bb33a56e1d0f51c3d6d54af09de85 Mon Sep 17 00:00:00 2001 From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:07:33 +0000 Subject: [PATCH 09/13] Update Chart.yaml --- charts/kubescape-cloud-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index 6d2c503e..ecc59074 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml 
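Review bot: `github_token: GH_PERSONAL_ACCESS_TOKEN` passes the literal string to the action, not the secret. The value needs to be the expression `github_token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}`. As written, the PR step would try to authenticate with an invalid token. PATCH 11/13 later in this series makes that correction, so squashing the two commits would keep the broken state out of history.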
@@ -8,7 +8,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.9.2 +version: 1.9.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From b49b154b6b5e788947e58f6f09120da377395c1e Mon Sep 17 00:00:00 2001 From: matanshk Date: Wed, 18 Jan 2023 12:09:20 +0000 Subject: [PATCH 10/13] Automated commit - update image tag with: --- charts/kubescape-cloud-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index ecc59074..e9bd1c22 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -8,13 +8,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.9.1 +version: 1.9.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.9.1 +appVersion: 1.9.2 maintainers: - name: Ben Hirschberg From 4d523d55f2c66d84b0063da9dabfc8209b124bb4 Mon Sep 17 00:00:00 2001 
From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:45:21 +0000 Subject: [PATCH 11/13] Update 01-update_tag.yaml --- .github/workflows/01-update_tag.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/01-update_tag.yaml b/.github/workflows/01-update_tag.yaml index d47227a8..ba737cb6 100644 --- a/.github/workflows/01-update_tag.yaml +++ b/.github/workflows/01-update_tag.yaml @@ -81,7 +81,7 @@ jobs: with: destination_branch: "master" pr_title: "Pulling ${{ github.ref_name }} branch into master - Automated PR by CICD" - github_token: GH_PERSONAL_ACCESS_TOKEN + github_token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} - name: get latest commit sha id: commit-ref From b7e2a20691a16a0e31dadcb240fac3d2e5b1b23a Mon Sep 17 00:00:00 2001 From: matanshk <90377897+matanshk@users.noreply.github.com> Date: Wed, 18 Jan 2023 12:46:15 +0000 Subject: [PATCH 12/13] Add workflow_dispatch option for helm release job --- .github/workflows/03-helm-release.yaml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/.github/workflows/03-helm-release.yaml b/.github/workflows/03-helm-release.yaml index c81be5a9..d6abad07 100644 --- a/.github/workflows/03-helm-release.yaml +++ b/.github/workflows/03-helm-release.yaml @@ -1,18 +1,7 @@ name: 03-Helm chart release on: - # workflow_dispatch: - # inputs: - # IMAGE_TAG: - # required: true - # type: string - # COMPONENT_NAME: - # required: true - # type: string - # HELM_E2E_TEST: - # required: true - # default: true - # type: boolean + workflow_dispatch: workflow_call: inputs: @@ -45,4 +34,4 @@ jobs: - name: Run chart-releaser uses: helm/chart-releaser-action@v1.4.1 env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" From 5f7976aae3621791f34d5a626d3148375a8b4f71 Mon Sep 17 00:00:00 2001 
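Review bot: Enabling a bare `workflow_dispatch:` on 03-helm-release.yaml lets the release job be started by hand, outside the 00-cicd chain where `helm-release` runs only after `helm-chart-update` and `merge-to-master`. A manual run also supplies none of the `workflow_call` inputs (00-cicd passes `COMMIT_REF`), so any step that reads that value presumably sees an empty string. The job body is outside the hunk, so I cannot tell which ref would then be released. Consider restricting manual runs to the release branch, e.g. `if: github.ref == 'refs/heads/master'` on the job, and add a comment above `workflow_dispatch:` stating when a manual release is acceptable.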
From: dwertent Date: Wed, 18 Jan 2023 15:34:30 +0000 Subject: [PATCH 13/13] Automated commit - update operator image tag with: v0.1.10 --- charts/kubescape-cloud-operator/Chart.yaml | 4 ++-- charts/kubescape-cloud-operator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/kubescape-cloud-operator/Chart.yaml b/charts/kubescape-cloud-operator/Chart.yaml index e9bd1c22..8786404b 100644 --- a/charts/kubescape-cloud-operator/Chart.yaml +++ b/charts/kubescape-cloud-operator/Chart.yaml @@ -8,13 +8,13 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.9.2 +version: 1.9.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 1.9.2 +appVersion: 1.9.3 maintainers: - name: Ben Hirschberg diff --git a/charts/kubescape-cloud-operator/values.yaml b/charts/kubescape-cloud-operator/values.yaml index c79a5d2c..ef7f9b6c 100644 --- a/charts/kubescape-cloud-operator/values.yaml +++ b/charts/kubescape-cloud-operator/values.yaml @@ -177,7 +177,7 @@ operator: image: # -- source code: https://github.com/kubescape/operator repository: quay.io/kubescape/operator - tag: v0.1.8 + tag: v0.1.10 pullPolicy: Always service: